Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: spam assassin rules

  1. #11
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    Can you post the full message in a text attachment; including the MIME information. Will run through my install and see what it hits. A similar one I received today got the following scores
    Code:
    cached	not	 
    	score=57.1	 
    6	required	 
    	autolearn=spam	 
    3.00	AV_SS	SaneSecurity Signatures
    3.50	BAYES_99	Bayesian spam probability is 99 to 100%
    1.00	BOTNET	Relay might be a spambot or virusbot
    0.50	BOTNET_CLIENT	Relay has a client-like hostname
    0.50	BOTNET_CLIENTWORDS	Hostname contains client-like substrings
    0.50	BOTNET_IPINHOSTNAME	Hostname contains its own IP address
    2.17	DCC_CHECK	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
    0.00	DIGEST_MULTIPLE	Message hits more than one network digest check
    4.39	HELO_DYNAMIC_IPADDR2	Relay HELO'd using suspicious hostname (IP addr 2)
    3.49	HELO_DYNAMIC_SPLIT_IP	Relay HELO'd using suspicious hostname (Split IP)
    1.55	HTML_IMAGE_ONLY_20	HTML: images with 1600-2000 bytes of words
    0.38	HTML_IMAGE_RATIO_02	HTML has a low ratio of text to image area
    0.00	HTML_MESSAGE	HTML included in message
    0.00	HTML_SHORT_LINK_IMG_3	HTML is very short with a linked image
    4.00	JM_SOUGHT_1	 
    1.46	MIME_HTML_ONLY	Message only has text/html MIME parts
    3.70	PYZOR_CHECK	Listed in Pyzor (http://pyzor.sf.net/)
    0.50	RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%
    1.50	RAZOR2_CF_RANGE_E8_51_100	Razor2 gives engine 8 confidence level above 50%
    0.50	RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)
    3.00	RCVD_IN_BRBL	Received via relay listed in Barracuda RBL
    0.91	RCVD_IN_PBL	Received via a relay in Spamhaus PBL
    0.88	RCVD_IN_SORBS_DUL	SORBS: sent directly from dynamic IP address
    1.00	RCVD_IN_SPAMRATS_DYNA	Sender listed in SpamRats DYNA
    2.07	RCVD_NUMERIC_HELO	Received: contains an IP address used for HELO
    0.10	RDNS_DYNAMIC	Delivered to trusted network by host with dynamic-looking rDNS
    1.67	SARE_FROM_DRUGS	 
    0.59	SARE_UNI	 
    1.93	TVD_RCVD_IP	 
    1.86	URIBL_AB_SURBL	Contains an URL listed in the AB SURBL blocklist
    1.96	URIBL_BLACK	Contains an URL listed in the URIBL blacklist
    4.00	URIBL_IVMURI	Contains a URL listed on ivmURI found at invaluement.com
    1.50	URIBL_JP_SURBL	Contains an URL listed in the JP SURBL blocklist
    1.50	URIBL_OB_SURBL	Contains an URL listed in the OB SURBL blocklist
    1.50	URIBL_WS_SURBL	Contains an URL listed in the WS SURBL blocklist

  2. #12
    bbarrons is offline Special Member
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    174
    Rep Power
    7

    Default

    I grabbed the email and viewed it as original and that is what I got plus the link to .gif How to I get it to include the MIME info? This particluar email did make it to the users junk folder. some of these make it to the users inbox. How do I tell how it gets scored then? My feeling is I am putting my .cf files in the wrong directory . I did watch my graphs go down as soon as I implemented some new rules but because I have no other graphs to compare to I am not sure if I am getting the kind of spam protection I should be. I will look at fuzzyocr. I am sure I did not set that up so if it is not default then...

  3. #13
    bbarrons is offline Special Member
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    174
    Rep Power
    7

    Default

    I have 2 systems, one at home for a test box and one at a school. The school is where my problem lies. that runs version 5.0.18 my home box runs 6.0
    Iworked on some settings last night. the school did not have dspam enable so I changed that as well as add the recommneded rbls' There is a noticable difference in spam this morning. WhenI ran zmtrainsa on both boxes this morning I did get an error on the school system. Can you tell from this error where I am going wrong?
    thanks
    Bill

    20090915094254 Starting spamassassin training.
    netset: cannot include 127.0.0.0/8 as it has already been included
    Learned tokens from 1 message(s) (1 message(s) examined)
    netset: cannot include 127.0.0.0/8 as it has already been included
    Learned tokens from 0 message(s) (0 message(s) examined)
    netset: cannot include 127.0.0.0/8 as it has already been included
    bayes: synced databases from journal in 1 seconds: 3081 unique entries (3974 total entries)
    20090915094301 Finished spamassassin training.
    20090915094301 Starting dspam training
    Taking Snapshot...
    zimbra TP: 0 TN: 0 FP: 0 FN: 0 SC: 0 NC: 0
    Training /tmp/ham.FJD8885 / /tmp/spam.ENG8884 corpora...
    [test: spam ] 123bdf0f577-0 result: sh: /opt/zimbra/dspam-3.8.0/bin/dspam: Permission denied

    ===== WOAH THERE =====
    I was unable to parse the result. Test Broken.
    ======================
    dspam_clean starting
    PROCESSING USER: zimbra
    Processing sigs; age: 14
    Processing probabilities; age: 0
    Processing unused; any: 90 quota: 30 nospam: 15 onehit: 15
    20090915094301 Finished dspam training

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Mail delivery is very slow
    By chandu in forum Administrators
    Replies: 23
    Last Post: 09-04-2009, 12:05 AM
  2. 2 quick spam assassin questions
    By Nox in forum Administrators
    Replies: 1
    Last Post: 08-07-2008, 11:58 AM
  3. speed up the net
    By mcesari in forum Administrators
    Replies: 10
    Last Post: 04-25-2008, 11:24 AM
  4. Replies: 3
    Last Post: 03-21-2008, 09:47 AM
  5. Simple Spam Assassin help needed
    By gfdos.sys in forum Administrators
    Replies: 3
    Last Post: 09-17-2007, 12:51 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •